Netherlands Payment Institution Licensing for Fintechs

Netherlands payment institution licensing under PSD2 gives fintechs an EU passport via DNB authorisation. The licence types, process and expectations.

The Netherlands has quietly become one of the more credible homes in Europe for a regulated payments business. It offers an English-comfortable, technically sophisticated regulator, deep payments infrastructure, strong connectivity to the European banking system, and the prize that every European payments founder is really after: a single authorisation that passports across the European Economic Area.

For founders weighing where to seek Netherlands payment institution licensing, the appeal is not low-touch regulation. The Dutch central bank, De Nederlandsche Bank, runs a demanding process. The appeal is reputation, market access and the willingness of banks and partners to deal with a properly supervised Dutch institution.

This guide explains the licence categories under PSD2, what the application involves, the substance and governance supervisors expect, and which businesses the Dutch route genuinely suits as at 2026.

The licensing landscape under PSD2

European payments are governed by the second Payment Services Directive, PSD2, transposed into Dutch law and supervised by De Nederlandsche Bank, often working alongside the conduct authority. PSD2 defines the services that require authorisation and sets the categories a fintech can apply for.

A full payment institution authorisation covers the broadest range of payment services: executing payment transactions, issuing payment instruments, acquiring transactions, money remittance and operating accounts. This is the licence most ambitious payments businesses pursue.

An electronic money institution, or EMI, licence is required where the business issues e-money, meaning stored monetary value that customers can hold and spend, which sits behind most wallet and prepaid card propositions. An EMI authorisation also encompasses payment services, so it is broader than a payment institution licence.

PSD2 also created lighter categories. A registered account information service provider, providing aggregation of account data, faces a lighter regime than full authorisation, while a payment initiation service provider that initiates payments from a user's bank account requires authorisation with appropriate safeguards. There is also a small payment institution regime for limited-volume businesses, which trades reduced requirements for a restriction on passporting.

Choosing the right category is the first real decision, and getting it wrong wastes months. The category must match the actual business model and its realistic trajectory.

The EU passport: the real prize

The reason founders accept a demanding Dutch process is the EU passport. Once authorised in the Netherlands, a payment or e-money institution can passport its services across the EEA, either by establishing branches or by providing services cross-border, without seeking a fresh licence in each member state.

This converts a single, rigorous authorisation into market access across a very large bloc. For a payments business with pan-European ambitions, that is transformational compared with licensing country by country.

The passport is also why supervisors scrutinise applicants so carefully. A Dutch licence is a key to the whole single market, so DNB has every incentive to authorise only well-run, well-capitalised, properly governed firms. Applicants who treat the process as a formality tend to be disabused of that view quickly.

It is worth noting that passporting is not entirely frictionless in practice. Host-state regulators in the countries you serve retain certain conduct and consumer-protection oversight, and operating cross-border can bring local notification, reporting and sometimes local presence expectations depending on the activity. The passport removes the need for a second licence; it does not remove the need to understand each market you enter. We plan for that from the start rather than treating Europe as a single undifferentiated territory.

What the application actually involves

A credible application is a substantial document set and a serious operational build. Supervisors will expect to see, in essence, a coherent and tested business reflected on paper.

Capital. PSD2 sets minimum initial capital that varies by licence category, with e-money issuance carrying its own requirements, and ongoing own-funds calculated by reference to activity. Applicants must show the capital is real and that the firm can stay above the threshold as it grows.

Safeguarding. Client funds must be protected, typically by holding them in segregated accounts at a credit institution or through an equivalent method. Safeguarding arrangements are examined closely because they protect customers if the firm fails, and weaknesses here are a common stumbling block.

Governance and fit-and-proper. Directors and key function holders must satisfy fitness and propriety standards. Supervisors look for genuine experience in payments, risk and compliance, not borrowed credibility.

Risk and compliance frameworks. Anti-money-laundering and counter-terrorist-financing systems, transaction monitoring, a money laundering reporting function, operational and IT risk management, business continuity and security of payments must all be documented and operational, not aspirational.

Business plan and financials. A realistic plan with forecasts, a clear funds flow, and an explanation of how the model works in practice is expected. Vague or inflated projections undermine confidence.

Timelines depend heavily on the quality of the submission and the firm's responsiveness, and processing can extend where supervisors raise questions. We would caution against publishing a launch date that assumes a fast, clean approval.

Substance and ongoing obligations

A Dutch payments licence is not a brass-plate exercise. Supervisors expect the firm to be genuinely run from the Netherlands, with real decision-making, appropriate local presence, qualified people in key roles and effective oversight of any outsourcing.

Once authorised, the obligations are continuous. They include regulatory reporting, maintaining capital and safeguarding, ongoing AML and fraud controls, incident and security reporting, and notifying the regulator of material changes such as new services, changes of control or significant outsourcing. The cost and discipline of staying compliant typically exceed the cost of getting authorised, and that running burden should be budgeted from the outset.

Who the Dutch route suits

The Netherlands suits payments and e-money businesses that want a reputable EEA base, value the regulator's standing with banks and partners, and intend to operate across Europe via the passport. It works well for teams that can commit genuine substance and that see regulation as part of the product rather than an obstacle.

It suits less well very early-stage teams hoping for a quick, light-touch licence, or those unwilling to fund real capital, safeguarding and compliance. For some such businesses, an agency or distribution arrangement with an existing licensed institution, or a different EEA jurisdiction, may be a more sensible first step. We assess that honestly rather than pushing every client toward a full licence.

How HPT helps

We help fintech founders choose the right licence category for their model, prepare for engagement with De Nederlandsche Bank, build the capital, safeguarding, governance and AML frameworks supervisors expect, and design the substance that makes an application credible. Where a partnered or alternative route is the better path, we will tell you.

If you are mapping a regulated payments business in the Netherlands, we would be glad to help you scope it properly.